263 matches found
CS-Cart 安全漏洞
CS-Cart is an e-commerce platform from CS-Cart Inc. A security vulnerability exists in CS-Cart version 4.16.1. A remote attacker can exploit the vulnerability to obtain sensitive information via the productdata parameter in the PDF add-on...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2023-26691
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...
PT-2024-12108 · Cs Cart Multivendor +1 · Pdf Add-On +1
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to obtain sensitive information via the product data parameter in the PDF Add-on. This is a Directory Traversal vulnerability, which can be exploited to access...
CVE-2023-26691
CVE-2023-26691 affects CS-Cart MultiVendor 4.16.1. A Directory Traversal vulnerability in the add-on installation ZIP processing may allow remote code execution when installing a new add-on. Affected software: CS-Cart MultiVendor 4.16.1. Impact stated: remote arbitrary code execution via crafted ...
CVE-2023-26689
An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...
PT-2024-12111 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...
PT-2024-12109 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the product data parameter of add/edit product in the administration interface. This enables attackers to execu...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26689
Summary: CVE-2023-26689 affects CS-Cart MultiVendor 4.16.1, where an attacker can alter arbitrary user account profiles via crafted POST requests. Root cause: insufficient authorization for profile editing. Impact is high (CVE score 9.8). Remediation guidance from related sources suggests disabli...
CVE-2023-26688
Cross Site Scripting XSS vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the productdata parameter of add/edit product in the administration interface...
CVE-2023-26687
CVE-2023-26687 concerns CS-Cart MultiVendor 4.16.1, where a Directory Traversal flaw in the PDF Add-on allows remote attackers to obtain sensitive information via the product_data parameter. The vulnerability affects the PDF Add-on handling of that parameter, enabling access to files/directories ...
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...
CVE-2023-26687
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...
CVE-2023-26691
Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on...
CVE-2023-26686
CVE-2023-26686 : CS-Cart MultiVendor 4.16.1 has a file-upload vulnerability in the image upload feature used during shop customization, enabling remote attackers to execute arbitrary code. The root cause is not explicitly detailed beyond noting a file upload flaw; no exploitation specifics or mit...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...
CVE-2023-26686
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop...